# Parameter Fuzzing Tools

A collection of parameter fuzzing tools and techniques for authorized web application security testing: discovering which query, body, header and cookie names an application actually reads.

## FFuF (Fuzz Faster U Fool)

### Basic Parameter Fuzzing

```bash
# Basic fuzzing (FUZZ in the path)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ"

# With POST data
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL" -X POST -d "FUZZ=value"

# With GET parameters
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL?FUZZ=value"

# With multiple parameters
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL?FUZZ=value&id=1"

# With output file (ffuf writes JSON unless -of says otherwise)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -o results.json

# With an explicit output format (json, ejson, html, md, csv, ecsv, all)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -of json -o results.json

# With verbose output
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -v

# With silent output (results only, no banner or progress)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -s
```

### Advanced FFuF Options

```bash
# Match only specific status codes
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -mc 200,204,301,302,307,401,403

# Filter out status codes
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -fc 404,500

# With threads
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -t 50

# With a delay between requests (seconds, or a range such as 0.1-2.0)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -p 1

# With cookies
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -b "PHPSESSID=abc123"

# With headers
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -H "User-Agent: CustomAgent"

# With proxy
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -x http://127.0.0.1:8080

# With HTTP basic authentication (ffuf has no user:password flag; send the header)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" \
  -H "Authorization: Basic $(printf 'admin:password' | base64)"

# HTTPS targets: ffuf never verifies certificates, so no extra flag is needed
ffuf -w /usr/share/wordlists/parameter-names.txt -u "https://TARGET_URL/FUZZ"

# With recursive fuzzing (only meaningful when FUZZ is in the path)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -recursion

# With a second wordlist for values (keywords are bound with :NAME; clusterbomb by default)
ffuf -w /usr/share/wordlists/parameter-names.txt:FUZZ -w /usr/share/wordlists/parameter-values.txt:FUZZ2 \
  -u "http://TARGET_URL?FUZZ=FUZZ2"
```

## Wfuzz

### Basic Parameter Fuzzing

```bash
# Basic fuzzing (FUZZ in the path)
wfuzz -w /usr/share/wordlists/parameter-names.txt "http://TARGET_URL/FUZZ"

# With POST data
wfuzz -w /usr/share/wordlists/parameter-names.txt -d "FUZZ=value" "http://TARGET_URL"

# With GET parameters
wfuzz -w /usr/share/wordlists/parameter-names.txt "http://TARGET_URL?FUZZ=value"

# With multiple parameters (quote the URL so the shell keeps the &)
wfuzz -w /usr/share/wordlists/parameter-names.txt "http://TARGET_URL?FUZZ=value&id=1"

# With output file (-f takes file[,printer]; the default printer is raw text)
wfuzz -w /usr/share/wordlists/parameter-names.txt -f results.txt "http://TARGET_URL/FUZZ"

# With JSON output
wfuzz -w /usr/share/wordlists/parameter-names.txt -f results.json,json "http://TARGET_URL/FUZZ"

# With verbose output
wfuzz -w /usr/share/wordlists/parameter-names.txt -v "http://TARGET_URL/FUZZ"

# Keep going on connection errors (wfuzz has no silent flag; hide noise with --hc instead)
wfuzz -w /usr/share/wordlists/parameter-names.txt -Z "http://TARGET_URL/FUZZ"
```

### Advanced Wfuzz Options

```bash
# Show only specific status codes
wfuzz -w /usr/share/wordlists/parameter-names.txt --sc 200,204,301,302,307,401,403 "http://TARGET_URL/FUZZ"

# Hide status codes
wfuzz -w /usr/share/wordlists/parameter-names.txt --hc 404,500 "http://TARGET_URL/FUZZ"

# With threads
wfuzz -w /usr/share/wordlists/parameter-names.txt -t 50 "http://TARGET_URL/FUZZ"

# With a delay between requests (seconds)
wfuzz -w /usr/share/wordlists/parameter-names.txt -s 1 "http://TARGET_URL/FUZZ"

# With cookies
wfuzz -w /usr/share/wordlists/parameter-names.txt -b "PHPSESSID=abc123" "http://TARGET_URL/FUZZ"

# With headers
wfuzz -w /usr/share/wordlists/parameter-names.txt -H "User-Agent: CustomAgent" "http://TARGET_URL/FUZZ"

# With proxy (host:port[:type])
wfuzz -w /usr/share/wordlists/parameter-names.txt -p 127.0.0.1:8080 "http://TARGET_URL/FUZZ"

# With HTTP basic authentication
wfuzz -w /usr/share/wordlists/parameter-names.txt --basic admin:password "http://TARGET_URL/FUZZ"

# HTTPS targets: certificate verification is disabled by default, no flag needed
wfuzz -w /usr/share/wordlists/parameter-names.txt "https://TARGET_URL/FUZZ"

# With recursive fuzzing (-R takes the depth)
wfuzz -w /usr/share/wordlists/parameter-names.txt -R 1 "http://TARGET_URL/FUZZ"

# With a second wordlist for values (wfuzz numbers keywords FUZZ, FUZ2Z, FUZ3Z, ...)
wfuzz -w /usr/share/wordlists/parameter-names.txt -w /usr/share/wordlists/parameter-values.txt \
  "http://TARGET_URL?FUZZ=FUZ2Z"
```

## Burp Suite

Burp Suite does not ship a command-line fuzzer that takes a URL and a wordlist the way ffuf and wfuzz do; the equivalent is Intruder in the GUI. Send the request to Intruder, mark the parameter name (or header or cookie name) as the payload position, load the parameter-name wordlist as a Simple list payload, and use the Sniper attack type for a single position or Cluster bomb with a second list when names and values are fuzzed together. Cookies, extra headers, upstream proxies and request throttling are set in the request template and the project options rather than on a command line, and results are filtered in the attack window by status code and response length.

## Custom Scripts

### Python Parameter Fuzzer

```python
import queue
import threading
import time

import requests

# Status codes worth reporting when a parameter name is tried
INTERESTING = {200, 301, 302, 401, 403}


def parameter_fuzzer(url, wordlist_file, threads=10, delay=0):
    """Try every name in wordlist_file as a GET and as a POST parameter."""
    work = queue.Queue()
    session = requests.Session()

    def report(method, target, response):
        location = response.headers.get("Location")
        suffix = f" -> {location}" if location else ""
        print(f"[{method}] {target} - {response.status_code}{suffix}")

    def worker():
        while True:
            parameter = work.get()
            try:
                # Test GET parameter; don't follow redirects so 301/302 are visible
                test_url = f"{url}?{parameter}=test"
                response = session.get(test_url, timeout=5, allow_redirects=False)
                if response.status_code in INTERESTING:
                    report("GET", test_url, response)

                # Test POST parameter
                response = session.post(url, data={parameter: "test"}, timeout=5, allow_redirects=False)
                if response.status_code in INTERESTING:
                    report("POST", url, response)

                time.sleep(delay)
            except requests.RequestException:
                pass  # timeout or connection error: skip this name
            finally:
                work.task_done()

    # Daemon threads exit with the process once the queue is drained
    for _ in range(threads):
        threading.Thread(target=worker, daemon=True).start()

    # Add parameters to the queue, skipping blank lines
    with open(wordlist_file) as f:
        for line in f:
            name = line.strip()
            if name:
                work.put(name)

    # Wait for completion
    work.join()


if __name__ == "__main__":
    parameter_fuzzer("http://TARGET_URL", "/usr/share/wordlists/parameter-names.txt", threads=20, delay=0.1)
```

### Bash Parameter Fuzzer

```bash
#!/bin/bash
TARGET_URL="http://TARGET_URL"
WORDLIST="/usr/share/wordlists/parameter-names.txt"
THREADS=10

# Try one parameter name as a GET and as a POST parameter and print
# only the status codes that suggest the name is handled
check_parameter() {
    local parameter="$1"
    local test_url="${TARGET_URL}?${parameter}=test"
    local response

    # Test GET parameter
    response=$(curl -s -o /dev/null -w "%{http_code}" "$test_url")
    case "$response" in
        200|301|302|401|403) echo "[GET] $test_url - $response" ;;
    esac

    # Test POST parameter
    response=$(curl -s -o /dev/null -w "%{http_code}" -d "${parameter}=test" "$TARGET_URL")
    case "$response" in
        200|301|302|401|403) echo "[POST] $TARGET_URL - $response" ;;
    esac
}

# Export the function and its variable for GNU parallel
export -f check_parameter
export TARGET_URL

# Run the parameter check in parallel, skipping blank lines
grep -v '^$' "$WORDLIST" | parallel -j "$THREADS" check_parameter {}
```

## Wordlists

### Common Parameter Wordlists

```bash
# SecLists parameter wordlists
/usr/share/wordlists/SecLists/Discovery/Web-Content/parameter-names.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/parameter-values.txt
/usr/share/wordlists/SecLists/Discovery/Web-Content/api-parameter-names.txt

# Custom parameter wordlists
/usr/share/wordlists/custom/parameter-names.txt
/usr/share/wordlists/custom/parameter-values.txt
/usr/share/wordlists/custom/api-parameters.txt

# Generate a small custom wordlist
echo "id,user,admin,test,debug,dev,prod,staging" | tr ',' '\n' > custom_parameters.txt
```

### Creating Custom Wordlists

```bash
# Extract property names assigned in JavaScript (-h drops the file-name prefix, \K drops the dot)
grep -ohP '\.\K\w+(?=\s*=)' *.js | sort -u > js_parameters.txt

# Extract parameter names from HTML forms
grep -ohP 'name="\K[^"]*' *.html | sort -u > form_parameters.txt

# Extract object keys from JSON API documentation
grep -ohP '"\K[^"]*(?=":\s*\{)' *.json | sort -u > api_parameters.txt

# Combine multiple wordlists
cat wordlist1.txt wordlist2.txt wordlist3.txt | sort -u > combined_wordlist.txt

# Remove empty lines and duplicates
grep -v '^$' wordlist.txt | sort -u > clean_wordlist.txt
```

## Fuzzing Techniques

### GET Parameter Fuzzing

```bash
# Basic GET parameter fuzzing
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL?FUZZ=value"

# With multiple parameters
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL?FUZZ=value&id=1&name=test"

# With specific values
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL?FUZZ=admin"

# With URL-encoded values ("admin")
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL?FUZZ=%61%64%6d%69%6e"
```

### POST Parameter Fuzzing

```bash
# Basic POST parameter fuzzing
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL" -X POST -d "FUZZ=value"

# With multiple parameters
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL" -X POST -d "FUZZ=value&id=1&name=test"

# With specific values
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL" -X POST -d "FUZZ=admin"

# With URL-encoded values ("admin")
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL" -X POST -d "FUZZ=%61%64%6d%69%6e"
```

### Header Fuzzing

```bash
# Basic header fuzzing
ffuf -w /usr/share/wordlists/header-names.txt -u "http://TARGET_URL" -H "FUZZ: value"

# With multiple headers
ffuf -w /usr/share/wordlists/header-names.txt -u "http://TARGET_URL" -H "FUZZ: value" -H "X-Custom: test"

# With specific values
ffuf -w /usr/share/wordlists/header-names.txt -u "http://TARGET_URL" -H "FUZZ: admin"

# With URL-encoded values
ffuf -w /usr/share/wordlists/header-names.txt -u "http://TARGET_URL" -H "FUZZ: %61%64%6d%69%6e"
```

### Cookie Fuzzing

```bash
# Basic cookie fuzzing
ffuf -w /usr/share/wordlists/cookie-names.txt -u "http://TARGET_URL" -b "FUZZ=value"

# With multiple cookies
ffuf -w /usr/share/wordlists/cookie-names.txt -u "http://TARGET_URL" -b "FUZZ=value; PHPSESSID=abc123"

# With specific values
ffuf -w /usr/share/wordlists/cookie-names.txt -u "http://TARGET_URL" -b "FUZZ=admin"

# With URL-encoded values
ffuf -w /usr/share/wordlists/cookie-names.txt -u "http://TARGET_URL" -b "FUZZ=%61%64%6d%69%6e"
```

## Best Practices

### Rate Limiting

```bash
# Add a delay between requests
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -p 1

# Cap requests per second
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -rate 10

# Use fewer threads
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -t 10

# Route through a proxy (ffuf has no built-in rotation; point -x at a rotating proxy)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -x http://proxy1:8080
```

### Stealth Mode

```bash
# Use a realistic user agent (ffuf has no user-agent flag; set the header)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

# Use realistic delays (a random delay in the range 1-3 seconds)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -p 1-3

# Use smaller wordlists
ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/parameter-names.txt -u "http://TARGET_URL/FUZZ"
```

### Output Analysis

```bash
# Save results to a file (JSON)
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -o results.json

# Filter by status code
jq -r '.results[] | select(.status == 200) | .input.FUZZ' results.json
jq -r '.results[] | select(.status == 403) | .input.FUZZ' results.json
jq -r '.results[] | select(.status == 301 or .status == 302) | "\(.input.FUZZ) -> \(.redirectlocation)"' results.json

# Sort by response size
jq -r '.results[] | "\(.length)\t\(.status)\t\(.input.FUZZ)"' results.json | sort -n
```

## Troubleshooting

### Common Issues

```bash
# Connection timeouts: fewer threads and a longer per-request timeout
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -t 5 -timeout 20

# Too many requests (429s or WAF blocks): slow down
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -p 2

# Invalid TLS certificate: nothing to do, ffuf does not verify certificates
ffuf -w /usr/share/wordlists/parameter-names.txt -u "https://TARGET_URL/FUZZ"

# Authentication required: send the credentials as a header
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" \
  -H "Authorization: Basic $(printf 'admin:password' | base64)"
```

### Performance Optimization

```bash
# Use an appropriate thread count
ffuf -w /usr/share/wordlists/parameter-names.txt -u "http://TARGET_URL/FUZZ" -t 20

# Use smaller wordlists for the initial scan
ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/parameter-names.txt -u "http://TARGET_URL/FUZZ"

# Use wordlists specific to the target type
ffuf -w /usr/share/wordlists/api-parameter-names.txt -u "http://TARGET_URL/FUZZ"
```

## Legal and Ethical Considerations

- Always obtain proper authorization before testing
- Respect rate limits and server resources
- Use appropriate wordlists for the target
- Document findings properly
- Follow responsible disclosure practices
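Grepping a results file for "200" misses the point of parameter discovery: an unknown name usually gets the same response as any other, so what matters is which names produced a response that differs from that baseline. As an added example that is not part of the original page, the script below reads an ffuf JSON report (`-o results.json`), takes the most common (status, length, words, lines) signature as the baseline and returns the names grouped by how they deviated; the report is a constructed sample, and the hostname in it is a placeholder.

```python
"""Separate parameter names that changed the response from baseline noise.

Added example (not from the original page). Reads the JSON written by
`ffuf ... -o results.json`, fingerprints every tried FUZZ value by its
response, treats the dominant fingerprint as the server's reaction to an
unknown parameter, and reports everything else.
"""
import json
from collections import Counter, defaultdict

# Constructed sample in the layout of ffuf's JSON report, trimmed to the fields
# used here; "id", "user" and "page" share the baseline response.
SAMPLE_FFUF_JSON = json.dumps({
    "commandline": "ffuf -w names.txt -u http://target.example/?FUZZ=test -o results.json",
    "results": [
        {"input": {"FUZZ": "id"},    "status": 200, "length": 1532, "words": 210, "lines": 40},
        {"input": {"FUZZ": "user"},  "status": 200, "length": 1532, "words": 210, "lines": 40},
        {"input": {"FUZZ": "page"},  "status": 200, "length": 1532, "words": 210, "lines": 40},
        {"input": {"FUZZ": "debug"}, "status": 200, "length": 2210, "words": 340, "lines": 58},
        {"input": {"FUZZ": "admin"}, "status": 403, "length": 1021, "words": 130, "lines": 25},
        {"input": {"FUZZ": "role"},  "status": 403, "length": 1021, "words": 130, "lines": 25},
    ],
})


def signature(result):
    """The response fingerprint ffuf itself filters on: status, size, words, lines."""
    return (result["status"], result["length"], result["words"], result["lines"])


def find_deviations(ffuf_json):
    """Return (baseline_signature, {signature: [parameter names]}) for every
    result whose signature differs from the dominant one."""
    results = json.loads(ffuf_json)["results"]
    if not results:
        return None, {}
    counts = Counter(signature(r) for r in results)
    baseline = counts.most_common(1)[0][0]
    deviations = defaultdict(list)
    for r in results:
        sig = signature(r)
        if sig != baseline:
            deviations[sig].append(r["input"]["FUZZ"])
    return baseline, dict(deviations)


if __name__ == "__main__":
    base, hits = find_deviations(SAMPLE_FFUF_JSON)
    print(f"baseline (status, length, words, lines): {base}")
    for sig, names in sorted(hits.items()):
        print(f"  {sig}: {', '.join(names)}")
```

ffuf's `-ac` option performs a similar calibration at run time; this offline pass covers reports that were saved without it.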

January 10, 2025 · 7 min